Warning · Other

Spoofed CI-bot / npm-security advisory claiming package-lock.json integrity hashes have "drifted" from expected checksums. Lures the developer to regenerate the lockfile via a malicious npx command or an attacker-controlled "lockfile integrity validator" link. Real Dependabot / Renovate lockfile updates arrive as automated PRs from canonical domains — never as inbound email demanding a manual CLI action on a deadline. Sender NOT on the CI-publisher canonical allowlist (github.com, npmjs.com, renovatebot.com, dependabot.com, etc.). Source: Red-Team R8 multi-agent council C4 (supply-chain specialist).

package-lock-integrity-drift

What this tier means

Warning signal — bulk / marketing / mild spam. Contributes to the trash score but is not by itself sufficient.

How Gorganizer detects this

Spoofed CI-bot or npm-security advisory claiming `package-lock.json` integrity hashes have "drifted" from expected checksums. Lures the developer to regenerate the lockfile via a malicious `npx` command or an attacker-controlled "lockfile integrity validator" link within a deadline. Real Dependabot / Renovate lockfile updates arrive as automated PRs from their canonical domains (github.com, renovatebot.com, dependabot.com, npmjs.com) — never as inbound email demanding a manual CLI action on a deadline. Supply-chain attack vector: the attacker-controlled validator script runs `npm install --package-lock-only`, which overwrites the lockfile with attacker-chosen package hashes, so the compromised packages are pulled on the next CI run. Sender NOT on the CI-publisher canonical allowlist. Source: Red-Team R8 multi-agent council C4 (supply-chain specialist).
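As an added illustration (not Gorganizer's own code; the page states the themes the signal keys on but not its actual patterns or weights), the Python below evaluates the signal as described: the sender domain is checked against the canonical CI-publisher allowlist named on this page, and the message text is checked for the lure shape (a lockfile "drift" claim, a demand for a manual `npx` / `npm` action or a validator link, and deadline pressure). The regular expressions, the two sample messages and the rule that the signal fires only when drift claim, CLI demand and non-canonical sender coincide are assumptions made for this example.

```python
import re
from email.utils import parseaddr

# Canonical CI-publisher domains listed on this page; mail from these domains
# (or their subdomains) is exempt from the signal.
CI_PUBLISHER_ALLOWLIST = {"github.com", "npmjs.com", "renovatebot.com", "dependabot.com"}

# Lure vocabulary. These patterns are an assumption for this example: the page
# names the themes (lockfile integrity, "drift", a manual npx / npm command,
# a validator link, a deadline) but not the product's real patterns.
LOCKFILE = re.compile(r"package-lock\.json|integrity hash|lockfile", re.I)
DRIFT = re.compile(r"\bdrift(ed|ing)?\b|\bmismatch(ed)?\b", re.I)
CLI_ACTION = re.compile(
    r"\bnpx\s+\S+|npm install --package-lock-only|regenerate (the|your) lockfile"
    r"|lockfile integrity validator", re.I)
DEADLINE = re.compile(r"within \d+ (hours?|days?)|\bimmediately\b|\bdeadline\b", re.I)


def sender_domain(from_header):
    """Domain part of the From header, lower-cased ('' if it cannot be parsed)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def on_allowlist(domain):
    """Exact or subdomain match; a lookalike such as github.com.evil.example must not pass."""
    return any(domain == d or domain.endswith("." + d) for d in CI_PUBLISHER_ALLOWLIST)


def package_lock_integrity_drift(msg):
    """Evaluate the signal on a dict with 'from', 'subject' and 'body' keys.

    Returns {'fires': bool, 'tier': 'warning', 'reasons': [...]}. Warning tier
    only: a caller adds it to a multi-signal trash score; it never decides alone.
    """
    text = f"{msg.get('subject', '')}\n{msg.get('body', '')}"
    domain = sender_domain(msg.get("from", ""))
    reasons = []
    if LOCKFILE.search(text) and DRIFT.search(text):
        reasons.append("lockfile integrity drift claim")
    if CLI_ACTION.search(text):
        reasons.append("demands manual CLI action / validator link")
    if DEADLINE.search(text):
        reasons.append("deadline pressure")
    if domain and not on_allowlist(domain):
        reasons.append(f"sender domain {domain!r} not on CI-publisher allowlist")
    # Fire only on the full lure shape: drift claim + CLI demand + non-canonical sender.
    fires = ("lockfile integrity drift claim" in reasons
             and "demands manual CLI action / validator link" in reasons
             and any(r.startswith("sender domain") for r in reasons))
    return {"fires": fires, "tier": "warning", "reasons": reasons}


# Constructed sample messages (not real mail; domains use .example).
LURE = {
    "from": "CI Security Bot <ci-bot@npm-security-alerts.example>",
    "subject": "[Action required] package-lock.json integrity hashes have drifted",
    "body": ("Our scanner found that 3 integrity hashes in your package-lock.json "
             "have drifted from the expected checksums. Regenerate the lockfile "
             "within 24 hours by running: npx lockfile-integrity-validator@latest "
             "or use the lockfile integrity validator at https://validator.example/fix"),
}
LEGIT = {
    "from": "dependabot[bot] <notifications@github.com>",
    "subject": "[org/repo] Bump example-pkg from 1.2.3 to 1.2.4 (PR #42)",
    "body": ("Bumps example-pkg from 1.2.3 to 1.2.4. This PR also updates "
             "package-lock.json. Dependabot will resolve any conflicts with this PR."),
}

if __name__ == "__main__":
    for name, m in (("lure", LURE), ("legit", LEGIT)):
        r = package_lock_integrity_drift(m)
        print(name, r["fires"], r["reasons"])
```

The legitimate Dependabot notification mentions `package-lock.json` but makes no drift claim and demands no CLI action, so it collects no reasons at all, and the same lure text sent from an allowlisted domain still does not fire, which is the false-positive behaviour the page describes.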

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a warning-tier signal — bulk / marketing / mild spam. It contributes to the trash score but never triggers deletion on its own. Gorganizer requires multiple signals + a margin over the safety floor before any email is moved to trash.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.

Ready to clean your inbox?

Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
